The use of mobile computing device, such as smart phones and tablets, has greatly increased in recent years. These devices may maintain user account integrity and user security by requiring users to authenticate themselves to the mobile computing device using user credentials. For example, a particular mobile computing device may require a user to verify their identity by submitting the correct combination of user name and password. Furthermore, organizations may require entities of the organization to enter a user name and password combination to gain access to organizational resources.
Many current password-based authentication systems rely on the ability of the user to select their own password. However, users often do not choose strong passwords, and users often have difficulty remembering randomly-generated passwords. Furthermore, mobile computing device may often be used in public or insecure environments creating a risk of the user's password being exposed to an attacker. Due to these problems, user-selected passwords are often easily compromised by an attacker. To prevent user information from being easily compromised because of poor user-selected passwords, many authentication systems employ complexity requirements such as a minimum length of eight characters, at least one upper case character, at least one lower case character and at least one non-alphabetic character. However, the complexity requirements may be difficult to implement on a mobile computing device and reduce the ease-of-use provided by the mobile computing device. Additionally, even these complexity requirements may not prevent users from selecting weak passwords. Even when adding additional complexity requirements, users may inadvertently bypass the complexity requirements and select weak passwords. For instance, the user may select a keyboard pattern that appears randomly generated, but may be easily attacked and compromised using modern techniques.